792d8650d3
As described in the system/core commit with the same Change-Id,
there's a race condition between installd and sdcard when it
comes to accessing /data/media. Resolve the race by checking
/data/.layout_version to make sure the filesystem has been upgraded.
Maybe indirectly fixes the following SELinux denial:
sdcard : type=1400 audit(0.0:3): avc: denied { write } for name="media" dev="mmcblk0p17" ino=102753 scontext=u:r:sdcardd:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
Bug: 16329437
Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
23 lines
802 B
Text
23 lines
802 B
Text
type sdcardd, domain;
|
|
type sdcardd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(sdcardd)
|
|
|
|
allow sdcardd cgroup:dir create_dir_perms;
|
|
allow sdcardd fuse_device:chr_file rw_file_perms;
|
|
allow sdcardd rootfs:dir mounton;
|
|
allow sdcardd sdcard_type:filesystem mount;
|
|
allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
|
|
|
|
allow sdcardd sdcard_type:dir create_dir_perms;
|
|
allow sdcardd sdcard_type:file create_file_perms;
|
|
|
|
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
|
|
allow sdcardd media_rw_data_file:dir create_dir_perms;
|
|
allow sdcardd media_rw_data_file:file create_file_perms;
|
|
|
|
# Read /data/system/packages.list.
|
|
allow sdcardd system_data_file:file r_file_perms;
|
|
|
|
# Read /data/.layout_version
|
|
allow sdcardd install_data_file:file r_file_perms;
|